Security in Machine Learning Engineering: A white-box attack and simple countermeasures

A few weeks ago, during a security training for developers given by Marcus from Hackmanit (by the way, it is a very good course, covering topics ranging from web development to NoSQL vulnerabilities and defensive coding), we discussed white-box attacks on web applications, i.e. attacks where the offender has internal access to the object. That made me curious to check whether similar vulnerabilities exist in ML models. After running a simple script based on [1], [2], [3] using Scikit-Learn, I noticed there are some latent vulnerabilities, not only in the model objects themselves but also in the lack of a proper security mindset when we develop ML models. But first, let's look at a simple example.
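To make the idea concrete, here is a minimal sketch of that kind of white-box tampering, assuming a scikit-learn LogisticRegression classifier persisted with pickle. The dataset, the file name model.pkl, and the specific attributes being altered are illustrative assumptions on my part, not the exact script from [1], [2], [3]:

```python
# Sketch of a white-box tampering scenario: anyone with read/write access
# to a persisted scikit-learn model object can silently flip its behavior.
import pickle

import numpy as np
from sklearn.datasets import load_breast_cancer
from sklearn.linear_model import LogisticRegression

# Legitimate pipeline: train a model and persist it as a pickle artifact.
X, y = load_breast_cancer(return_X_y=True)
model = LogisticRegression(max_iter=5000).fit(X, y)
with open("model.pkl", "wb") as f:
    pickle.dump(model, f)

# Attacker side: with internal access to the object, the learned
# parameters can be edited directly, with no signature or check to fail.
with open("model.pkl", "rb") as f:
    tampered = pickle.load(f)
tampered.coef_ = -tampered.coef_            # invert the learned weights
tampered.intercept_ = -tampered.intercept_  # invert the bias term
with open("model.pkl", "wb") as f:
    pickle.dump(tampered, f)

# Victim side: the model loads and predicts without any error or warning,
# but its decisions now contradict what was originally validated.
with open("model.pkl", "rb") as f:
    served = pickle.load(f)
print("agreement with original predictions:",
      np.mean(served.predict(X) == model.predict(X)))
```

The point of the sketch is that nothing in the serialization format protects the model's internals: the tampered artifact deserializes cleanly, so the attack only shows up if you explicitly verify the artifact (e.g. with a checksum) or monitor the predictions.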

A Machine Learning version of the quote: "In God we trust, all others must bring data"

W. Edwards Deming said: "In God we trust, all others must bring data" (source: Wikipedia). Inspired by a very nice Twitter thread by Cecile Janssens, I am making this new statement for every ML Engineer, Data Analyst, and Data Scientist from now on: "IN GOD WE TRUST, OTHERS MUST BRING THE RAW DATA WITH THE SOURCE CODE OF THE EXTRACTION ON GITHUB" (CLESIO, Flavio).